[Cialug] Need some firewall help

[<Crouse-CIALUG2316@xxxxxxxxxxxxxx>]

I have someone repeatedly hitting my server..... we are talking in the 
hundreds of thousands of times..... I need to set a firewall rule to 
shut this down.

If you look at this page
http://usalug.org/phpBB2/viewforum.php?f=2

about the 5th topic down you will see "Newbie guide for the FTP install 
of SuSe 9.0" and see that it now has 157,377 pageviews.... should have 
only been about 30,000 that is what I first noticed........ that that 
particular topic jumped dramatically in pageviews...

The apache log shows the following IP address's as the offenders..... 
both were blocked by IP address....

P address: 151.204.79.65
Host name: pool-151-204-79-65.delv.east.verizon.net
TraceRoute to 151.204.79.65 [pool-151-204-79-65.delv.east.verizon.net]

IP address: 141.150.239.157
Host name: pool-141-150-239-157.delv.east.verizon.net
TraceRoute to 141.150.239.157 
[pool-141-150-239-157.delv.east.verizon.net]

I was able to block both IP addresses from accessing the site, but I'm 
fairly certain it's probably a spoofed IP........ although they did 
both come from east.verizon.net  ..... anyway, I blocked the first 
IP....... couple days later.......the second one starts reloading the 
same page ...... over and over and over.

........... anyway....... to get to the END of my story, I'm looking to 
set a firewall rule that will STOP that..... that isn't dependent on IP 
address but rather by the number of times a page is requested in a row 
or the number of times an IP address tries to access the site in 60 
seconds etc etc.....

or if you have any other suggestions...... tips, I'm all ears.  I have 
webmin installed and can edit the firewall rules there, but just not 
sure of the exact setup I should use. By packet flow rate ?? or Packet 
burst rate ?? I'm not very well versed in firewalls.

Thanks,

Dave
_______________________________________________
Cialug mailing list
Cialug@xxxxxxxxxx
http://cialug.org/mailman/listinfo/cialug